QTBUG-75884

[REG 5.12] Various hangs/crashes when calling setHttpUserAgent/AcceptLanguage


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.12.3, 5.13.0
    • Fix Version/s: 5.12.5, 5.13.1, 5.14.0 Beta 1
    • Component/s: WebEngine
    • Labels:
      None
    • Commits:
      9dce1c5b12db094cdc469d7d68eb3124f9393dc7 (qt/qtwebengine/5.12)

      Description

      When calling setHttpUserAgent or setHttpAcceptLanguage, I've seen various hangs, crashes and assertion failures.

      Example of a hang:

      #0  0x00007f9cd762d4ed in syscall () at /usr/lib/libc.so.6
      #1  0x00007f9cd5494c06 in QtLinuxFutex::_q_futex(int*, int, int, unsigned long long, int*, int) (val3=0, addr2=0x0, val2=0, val=3, op=0, addr=0x5631cafade78) at thread/qfutex_p.h:105
      #2  0x00007f9cd5494c06 in QtLinuxFutex::futexWait<QBasicAtomicPointer<QMutexData> >(QBasicAtomicPointer<QMutexData>&, QBasicAtomicPointer<QMutexData>::Type) (expectedValue=0x3, futex=...)
          at thread/qfutex_p.h:107
      #3  0x00007f9cd5494c06 in lockInternal_helper<false> (timeout=-1, elapsedTimer=0x0, d_ptr=...) at thread/qmutex_linux.cpp:142
      #4  0x00007f9cd5494c06 in QBasicMutex::lockInternal() (this=0x5631cafade78) at thread/qmutex_linux.cpp:159
      #5  0x00007f9cd5494f14 in QBasicMutex::lock() (this=0x5631cafade78) at thread/qmutex.h:79
      #6  0x00007f9cd5494f14 in QRecursiveMutexPrivate::lock(int) (this=0x5631cafade60, timeout=timeout@entry=-1) at thread/qmutex.cpp:706
      #7  0x00007f9cd5494e06 in QMutex::lock() (this=this@entry=0x5631cb0d74b8) at thread/qmutex.cpp:225
      #8  0x00007f9cc47c1dd5 in QMutexLocker::QMutexLocker(QBasicMutex*) (m=0x5631cb0d74b8, this=<synthetic pointer>) at /usr/include/qt/QtCore/qmutex.h:206
      #9  0x00007f9cc47c1dd5 in QtWebEngineCore::ProfileIODataQt::updateUserAgent() (this=0x5631cb0d7380)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.12.2/src/core/profile_io_data_qt.cpp:625
      #10 0x00007f9cc47bda28 in QtWebEngineCore::ProfileAdapter::setHttpUserAgent(QString const&) (this=0x5631cb1242f0, userAgent=...) at /usr/include/c++/8.2.1/bits/unique_ptr.h:342
      [...]
      

      and of a check failure (source):

      [31220:31233:0319/161459.850182:FATAL:client_socket_pool_base.cc(845)] Check failed: i != group_map_.end().
      

      and of a segfault:

      Thread 13 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffbd7fa700 (LWP 28243)]
      0x00007fffe5055c8f in Start () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:46
      46	../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc: No such file or directory.
      (gdb) bt
      #0  0x00007fffe5055c8f in Start () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:46
      #1  0x00007fffe5055c8f in network_hints::NetworkHintsMessageFilter::OnDnsPrefetch(network_hints::LookupRequest const&) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:93
      #2  0x00007fffe5055e9e in base::DispatchToMethodImpl<network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>, 0ul>(network_hints::NetworkHintsMessageFilter* const&, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>&&, std::integer_sequence<unsigned long, 0ul>) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/tuple.h:52
      #3  0x00007fffe5055e9e in base::DispatchToMethod<network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest> >(network_hints::NetworkHintsMessageFilter* const&, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>&&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/tuple.h:60
      #4  0x00007fffe5055e9e in IPC::DispatchToMethod<network_hints::NetworkHintsMessageFilter, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), void, std::tuple<network_hints::LookupRequest> >(network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), void*, std::tuple<network_hints::LookupRequest>&&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_templates.h:51
      #5  0x00007fffe5055e9e in IPC::MessageT<NetworkHintsMsg_DNSPrefetch_Meta, std::tuple<network_hints::LookupRequest>, void>::Dispatch<network_hints::NetworkHintsMessageFilter, network_hints::NetworkHintsMessageFilter, void, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&)>(IPC::Message const*, network_hints::NetworkHintsMessageFilter*, network_hints::NetworkHintsMessageFilter*, void*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&)) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_templates.h:146
      #6  0x00007fffe5055e9e in network_hints::NetworkHintsMessageFilter::OnMessageReceived(IPC::Message const&) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:80
      #7  0x00007fffe5055e9e in network_hints::NetworkHintsMessageFilter::OnMessageReceived(IPC::Message const&) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:77
      #8  0x00007fffe636f57f in content::BrowserMessageFilter::Internal::DispatchMessage(IPC::Message const&) ()
          at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/public/browser/browser_message_filter.cc:93
      #9  0x00007fffe636f57f in content::BrowserMessageFilter::Internal::OnMessageReceived(IPC::Message const&) ()
          at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/public/browser/browser_message_filter.cc:73
      #10 0x00007fffe713b8a5 in TryFiltersImpl() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/message_filter_router.cc:22
      #11 0x00007fffe712b8d0 in IPC::ChannelProxy::Context::TryFilters(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:86
      #12 0x00007fffe712baa2 in IPC::ChannelProxy::Context::OnMessageReceived(IPC::Message const&) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:121
      #13 0x00007fffe7129110 in IPC::ChannelMojo::OnMessageReceived(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_mojo.cc:263
      #14 0x00007fffe712dd44 in IPC::internal::MessagePipeReader::Receive(IPC::MessageView) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_pipe_reader.cc:107
      #15 0x00007fffe713d14c in IPC::mojom::ChannelStubDispatch::Accept(IPC::mojom::Channel*, mojo::Message*) () at ./gen/ipc/ipc.mojom.cc:295
      #16 0x00007fffe6ddaaed in mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:423
      #17 0x00007fffe71336aa in Accept() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_mojo_bootstrap.cc:838
      #18 0x00007fffe6dd808a in mojo::Connector::ReadSingleMessage(unsigned int*) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:457
      #19 0x00007fffe6dd843c in mojo::Connector::ReadAllAvailableMessages() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:486
      #20 0x00007fffe6df3570 in base::RepeatingCallback<void (unsigned int, mojo::HandleSignalsState const&)>::Run(unsigned int, mojo::HandleSignalsState const&) const & ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/callback.h:129
      #21 0x00007fffe6df3570 in mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/system/simple_watcher.cc:273
      #22 0x00007fffe6ac10e0 in base::OnceCallback<void ()>::Run() && () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/callback.h:99
      #23 0x00007fffe6ac10e0 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) ()
          at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/debug/task_annotator.cc:101
      #24 0x00007fffe6ae0409 in base::MessageLoop::RunTask(base::PendingTask*) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:421
      #25 0x00007fffe6ae1234 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) ()
          at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:432
      #26 0x00007fffe6ae1668 in base::MessageLoop::DoWork() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:480
      #27 0x00007fffe6b6dd22 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
          at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_pump_libevent.cc:210
      #28 0x00007fffe6b03e6b in base::RunLoop::Run() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/run_loop.cc:102
      #29 0x00007fffe6b03e6b in base::RunLoop::Run() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/run_loop.cc:85
      #30 0x00007fffe64b6fe4 in content::BrowserProcessSubThread::IOThreadRun(base::RunLoop*) ()
          at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/browser/browser_process_sub_thread.cc:178
      #31 0x00007fffe6b39608 in base::Thread::ThreadMain() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/threading/thread.cc:337
      #32 0x00007fffe6b6a1a1 in ThreadFunc() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:76
      --Type <RET> for more, q to quit, c to continue without paging--
      #33 0x00007ffff7f5fa9d in start_thread () at /usr/lib/libpthread.so.0
      #34 0x00007ffff7e8fb23 in clone () at /usr/lib/libc.so.6
      

      The easiest way I've found to reproduce this is:

      • Patch simplebrowser to add menu entries to change the UA:
      diff --git a/examples/webenginewidgets/simplebrowser/browserwindow.cpp b/examples/webenginewidgets/simplebrowser/browserwindow.cpp
      index 5d00cd19..91e31eb1 100644
      --- a/examples/webenginewidgets/simplebrowser/browserwindow.cpp
      +++ b/examples/webenginewidgets/simplebrowser/browserwindow.cpp
      @@ -210,6 +210,16 @@ QMenu *BrowserWindow::createEditMenu()
               currentTab()->findText(m_lastSearch, QWebEnginePage::FindBackward);
           });
       
      +    QAction *userAgentAction = editMenu->addAction(tr("UA 1"));
      +    connect(userAgentAction, &QAction::triggered, [this]() {
      +        m_profile->setHttpUserAgent("UA 1");
      +    });
      +
      +    QAction *userAgentAction2 = editMenu->addAction(tr("UA 2"));
      +    connect(userAgentAction2, &QAction::triggered, [this]() {
      +        m_profile->setHttpUserAgent("UA 2");
      +    });
      +
           return editMenu;
       }
       
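      Review bot: both added `connect(...)` calls pass a lambda that captures `this` without a context object, so the connection's lifetime is not tied to the BrowserWindow; pass `this` as the third argument, e.g. `connect(userAgentAction, &QAction::triggered, this, [this]() { ... });`. The two blocks differ only in the string, so a short loop over the UA values would remove the duplication, and the bare "UA 1" / "UA 2" literals handed to `setHttpUserAgent` would read better wrapped in `QStringLiteral`, as the example's main.cpp does for its icon path.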
      • Load www.cultofmac.com
      • Click the menu entry to change the UA
      • Reload
      • If there's no crash yet, click the second menu entry and reload again

      The segfault seems to go away when disabling DNS prefetching:

      diff --git a/examples/webenginewidgets/simplebrowser/main.cpp b/examples/webenginewidgets/simplebrowser/main.cpp
      index 7b77a4bd..8cf2c16d 100644
      --- a/examples/webenginewidgets/simplebrowser/main.cpp
      +++ b/examples/webenginewidgets/simplebrowser/main.cpp
      @@ -75,7 +75,7 @@ int main(int argc, char **argv)
           app.setWindowIcon(QIcon(QStringLiteral(":AppLogoColor.png")));
       
           QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::PluginsEnabled, true);
      -    QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true);
      +    // QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true);
           QWebEngineProfile::defaultProfile()->setUseForGlobalCertificateVerification();
       
           QUrl url = commandLineUrlArgument();
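      Review bot: the `+` line comments out the `DnsPrefetchEnabled` call instead of changing its argument, which leaves dead code behind and makes the outcome depend on the attribute's default. For a diagnostic toggle, keep the call and pass `false` so the intent is explicit, and note in a comment that this only sidesteps the segfault, since the report states the assertion failure still occurs with prefetching disabled.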
      

      However, the assertion failure happens with DNS prefetching disabled as well. According to some reporters, it happens with 5.12.1 but didn't with .0.

      Upstream issues:


            People

            Assignee:
            juri.valdmann Jüri Valdmann (Inactive)
            Reporter:
            the compiler Florian Bruhin